Re: Can we disable diffie-hellman-group-exchange-sha1 by default?

The main concern about this method is that such a file is not
independently reproducible. This may be worrying for some more
paranoid folks.

On Fri, Feb 15, 2019 at 6:04 AM Darren Tucker <dtucker@xxxxxxxxxxx> wrote:
>
> On Fri, 15 Feb 2019 at 13:21, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> > Also, how are default moduli shipped with OpenSSH for use in
> > diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
> > randomly by developers or are they chosen for security properties?
>
> A bit of both.  They're generated using ssh-keygen(1) in a 2-step
> process (look for the -G and -T options).  For each group size,
> candidates are picked at random and then screened (see
> https://github.com/openssh/openssh-portable/blob/master/moduli.c).
>
> > If they are random, why not use moduli from RFC 7919 instead, like
> > Mozilla recommends?
>
> Quoting RFC4419 (which predates 7919 by more than a decade):
> """
>    we fear that extensive precomputation and more efficient
>    algorithms to compute the discrete logarithm over a fixed group might
>    pose a security threat to the SSH protocol.
>    The ability to propose new groups will reduce the incentive to use
>    precomputation for more efficient calculation of the discrete
>    logarithm.  The server can constantly compute new groups in the
>    background.
> """
>
> Using a small, fixed set of groups shared with another protocol would
> be counter to this goal (see also: LogJam and the Oakley groups).
> You're welcome to replace your file with the ones from RFC7919,
> though.
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
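The two-step ssh-keygen -G / -T generation described in Darren's reply, carried through to a file sshd can actually use, as an added example that is not part of the thread and is not OpenSSH's own code. It wraps the generation step, prunes the result to Miller-Rabin-tested safe primes at or above a size floor (the moduli(5) size column is the bit length minus one, so a 2048-bit group is recorded as 2047), and cross-checks that column against the real bit length of the hex modulus before installing. The output paths, the 3072-bit floor, the function names and the `install_moduli` flow are this script's assumptions, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenSSH: regenerate
# DH-GEX moduli with the ssh-keygen -G / -T two-step process, then keep
# only screened safe primes of at least MIN_BITS bits before installing.
# Assumed: output paths, bit sizes and the 3072-bit floor are this
# script's choices.
set -eu

MIN_BITS="${MIN_BITS:-3072}"    # assumed local policy floor

# Step 1: -G writes random candidates of the requested size.
# Step 2: -T sieves and Miller-Rabin-tests them; survivors are written
#         in moduli(5) format. This takes hours for large sizes.
generate_moduli() { # generate_moduli <bits> <outfile>
    _bits="$1" _out="$2"
    ssh-keygen -G "${_out}.candidates" -b "$_bits"
    ssh-keygen -T "$_out" -f "${_out}.candidates"
    rm -f "${_out}.candidates"
}

# moduli(5) columns: time type tests trials size generator modulus(hex)
#   type 2 = safe prime, the only type sshd uses for DH-GEX
#   tests  = bit mask; 0x04 means Miller-Rabin passed (stock files: 6)
#   size   = bit length of the modulus minus one (2047 for 2048-bit)
# Print only Miller-Rabin-tested safe primes at or above the floor.
prune_moduli() { # prune_moduli <min_bits> <infile>
    awk -v min="$1" '
        /^#/ || NF < 7 { next }
        $2 == 2 && int($3 / 4) % 2 == 1 && $5 >= min - 1 { print }
    ' "$2"
}

# Sanity check: the size column must equal the real bit length of the
# hex modulus minus one; a mismatch means a corrupted or hand-edited
# file. Exits non-zero when any line is inconsistent.
check_moduli() { # check_moduli <file>
    awk '
        function hexbits(h,   n) {
            n = index("123456789ABCDEF", toupper(substr(h, 1, 1)))
            if (n == 0) return -1
            return (length(h) - 1) * 4 + (n < 2 ? 1 : n < 4 ? 2 : n < 8 ? 3 : 4)
        }
        /^#/ || NF < 7 { next }
        hexbits($7) - 1 != $5 {
            bad++
            printf "line %d: size field %d but modulus is %d bits\n", NR, $5, hexbits($7)
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Regenerate the given sizes, prune, verify and install with a backup.
# Run as root; e.g. install_moduli 3072 4096
install_moduli() { # install_moduli <bits>...
    _dst="${MODULI_FILE:-/etc/ssh/moduli}"
    _tmp="$(mktemp)"
    for _b in "$@"; do
        generate_moduli "$_b" "moduli-$_b"
        prune_moduli "$MIN_BITS" "moduli-$_b" >> "$_tmp"
    done
    check_moduli "$_tmp"
    cp -p "$_dst" "$_dst.bak"
    install -m 0644 "$_tmp" "$_dst"
    rm -f "$_tmp"
}
```

`prune_moduli` and `check_moduli` also work on a distribution's shipped `/etc/ssh/moduli`, so the same floor can be applied to the stock file while a locally generated replacement is still computing; sshd reads the file at each connection, so no restart is needed after installing.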